AT9-99-081 






PATENT 



CLAIMS 



1. A method for enabling a program written in
untrusted code to access a native operating system
resource, comprising the steps of:

listening for requests for login credentials;

responsive to a login request, making a request for
a native operating system identifier;

sending the native operating system identifier to
the program;

using the native operating system identifier to
create a credential object; and

using the credential object to login to the native
operating system to enable the program to access the
resource.






2. The method as described in Claim 1 wherein the
program is a Java program and the native operating system
is Windows NT.

3. The method as described in Claim 1 wherein the
listening step is performed by a login service.



4. The method as described in Claim 3 wherein the
login service listens for requests on a named pipe.

5. The method as described in Claim 3 wherein the
login service listens for requests issued via remote
procedure calls.

6. The method as described in Claim 3 wherein the
request is issued by the login service.

7. The method as described in Claim 1 wherein the
native operating system identifier is sent by a response
pipe.

8. The method as described in Claim 1 wherein the
credential object is created in an authentication
framework.

9. The method as described in Claim 8 wherein the
authentication framework is a pluggable authentication
mechanism (PAM).

10. The method as described in Claim [illegible] wherein the
authentication framework is compliant with a Java
Authentication and Authorization Service.

11. A method for enabling a program written in
untrusted code to access a native operating system
resource, comprising the steps of:

having a trusted login service listen on a named
pipe for requests for login credentials;

responsive to a login request, having the trusted
login service request a native operating system
identifier;

returning to the program via a response pipe the
native operating system identifier;

in an authentication framework, using the native
operating system identifier to create a credential
object; and

using the credential object to login to the native
operating system to enable the program to access the
resource.

12. The method as described in Claim 11 wherein the
native operating system is Windows NT.

13. The method as described in Claim 12 wherein the
program is written in a language selected from Java,
ActiveX, and Visual Basic.

14. The method as described in Claim 11 wherein the
authentication framework is a pluggable authentication
mechanism (PAM) having a set of application programming
interfaces (APIs).

15. The method as described in Claim 14 wherein the
set of application programming interfaces include login,
commit, abort and logout APIs.

16. The method as described in Claim 14 wherein the
authentication framework is compliant with a Java
Authentication Service.






17. A computer program product in a computer
readable medium for enabling a program written in
untrusted code to access a native operating system
resource, comprising the steps of:

means for listening for requests for login
credentials;

means responsive to a login request for making a
request for a native operating system identifier;

means for sending the native operating system
identifier to the program;

means for using the native operating system
identifier to create a credential object; and

means for using the credential object to login to
the native operating system to enable the program to
access the resource.

18. The computer program product as described in
Claim 17 wherein the program is a Java program and the
native operating system is Windows

19. The computer program product as described in
Claim 17 wherein the means for listening step is a login
service.

20. The computer program product as described in
Claim 17 wherein the credential object is created in an
authentication framework.

21. An application server, comprising:

a set of Java programs;

a processor running a native operating system
providing support for executing the set of Java programs;
and

means for enabling each Java program to run in an
operating system thread as a different native operating
system user.

22. The application server as described in Claim 21
wherein the native operating system is Windows NT.



23. The application server as described in Claim 21
further including a server application executed by the
processor for receiving a request for service from a
client machine and initiating execution of one of the
Java programs in a given operating system thread.